[Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects

Rowland Penny rowlandpenny at googlemail.com
Tue Nov 4 04:24:38 MST 2014


On 04/11/14 11:07, Chris Alavoine wrote:
> Hi all,
>
> Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4.
>
> I am using the following:
>
>          tls enabled  = yes
>          tls keyfile  = tls/myKey.pem
>          tls certfile = tls/myCert.pem
>          tls cafile   =
>
> With a self-signed cert.
>
> But when I remote connect from another host using:
>
> openssl s_client -showcerts -connect samba4-dc:636 -ssl3
>
> I get a successful connection.
>
> Any ideas?
>
> Thanks,
> Chris.
>
>
>
Hi, by my reading of 'man s_client', you have turned **off** ssl v3

        -ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2
            these options disable the use of certain SSL or TLS protocols. By
            default the initial handshake uses a method which should be
            compatible with all servers and permit them to use SSL v3, SSL v2
            or TLS as appropriate.

Rowland
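
An added example, not part of the original thread and not Samba or OpenSSL code: a Python probe that sends a ClientHello offering only SSL 3.0 to the LDAPS port from the question and classifies the first record of the server's reply. The function names, the cipher list and the sample reply bytes are constructed for illustration.

```python
import os
import socket
import struct
import sys

SSL3 = (3, 0)  # wire encoding of SSL 3.0 (TLS 1.0 is 3,1)

def build_client_hello(version=SSL3):
    """Minimal ClientHello that offers only `version`, without extensions."""
    ciphers = struct.pack("!3H", 0x002F, 0x0035, 0x000A)  # AES128-SHA, AES256-SHA, 3DES-SHA
    body = (bytes(version) + os.urandom(32)      # client_version, random
            + b"\x00"                            # empty session id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00")                       # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data, version=SSL3):
    """'accepted' on a ServerHello for `version`, 'rejected' on an alert or another version."""
    if len(data) >= 7 and data[0] == 0x15:       # alert record
        return "rejected"
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        return "accepted" if tuple(data[9:11]) == tuple(version) else "rejected"
    return "unknown"                             # closed, reset, timed out or not TLS

def probe(host, port=636, timeout=5.0):
    """Send the SSL 3.0-only hello to host:port and classify what comes back."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            while len(data) < 11:                # enough to see ServerHello's version
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:                              # reset or timeout: keep what was read
        pass
    return classify_reply(data)

# Constructed sample replies (not captured from a real server)
SAMPLE_SERVER_HELLO = bytes.fromhex("160300002a02000026" "0300") + bytes(36)
SAMPLE_ALERT = bytes.fromhex("15030000020228")   # fatal handshake_failure

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

Run it with the DC's hostname as the only argument; "accepted" means the server completed the first step of an SSL 3.0 handshake, "rejected" means it answered with an alert or a different version.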